Re: SV: HaProxy does not updating DNS cache

2023-09-13 Thread Willy Tarreau
Hi Henning,

On Wed, Sep 13, 2023 at 05:54:46PM +, Henning Svane wrote:
> Hi 
> 
> Thanks for your answer.
> 
> It is in the frontend I used the "dynamic" DNS.
> 
> Will the resolver also be used in the frontend section?
> 
> Because I only can see examples for backend servers.

Could you please share a config example that illustrates how
you're reproducing the issue? It will be easier for everyone
to discuss around something concrete rather than try to imagine
various hypotheses.

Generally speaking, the DNS has its own section. It can be used
from a "do-resolve()" action (irrelevant to frontend/backend) as
well as servers when they have the "resolvers" keyword, but in
this case servers are in a backend.

Willy
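
The two uses of a resolvers section mentioned in this thread, as an added example that is not part of any message here: a server line with the "resolvers" keyword beside a plain server line that is resolved only at startup, and a "do-resolve()" action in a frontend. The section name `mydns`, the host name `app.example.internal` and the nameserver address are placeholders.

```haproxy
# Added example; names and addresses below are placeholders.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

resolvers mydns
    nameserver ns1 192.0.2.53:53        # placeholder resolver address
    accepted_payload_size 8192
    resolve_retries 3
    timeout resolve 1s
    timeout retry   1s
    hold valid      10s                 # period the last valid answer is kept
    hold obsolete   30s

frontend fe_main
    bind :8080
    # do-resolve() works from a frontend: resolve a fixed name at request
    # time and store the address in a transaction variable.
    http-request do-resolve(txn.dstip,mydns,ipv4) str(app.example.internal)
    use_backend be_by_var if { path_beg /var }
    default_backend be_dynamic

backend be_static
    # No "resolvers" keyword: the name is resolved once, at startup,
    # and a later DNS change is only seen after a restart or reload.
    server app1 app.example.internal:80 check

backend be_dynamic
    # "resolvers" keyword: the address is refreshed at runtime.
    # init-addr lets HAProxy start even if the name does not resolve yet.
    server app1 app.example.internal:80 check resolvers mydns resolve-prefer ipv4 init-addr last,libc,none

backend be_by_var
    # Connect to the address stored by do-resolve() in the frontend.
    http-request set-dst var(txn.dstip)
    server dyn 0.0.0.0:0
```

The file can be checked with `haproxy -c -f <file>`, and the runtime state of the resolvers is visible with `show resolvers` on the stats socket.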



SV: HaProxy does not updating DNS cache

2023-09-13 Thread Henning Svane
Hi 

Thanks for your answer.

It is in the frontend I used the "dynamic" DNS.

Will the resolver also be used in the frontend section?

Because I only can see examples for backend servers.

Regards
Henning 

-Original message-
From: William Lallemand
Sent: 13 September 2023 14:50
To: Henning Svane
Cc: haproxy@formilux.org
Subject: Re: HaProxy does not updating DNS cache

On Wed, Sep 13, 2023 at 12:39:36PM +, Henning Svane wrote:
> Hi
> 
> I have tried using a DNS with a TTL of 600 sec. and the DNS changes 
> once in a while, but every time I have to restart Haproxy to get the 
> updated DNS to work.  Even if I wait for hours. I can see with 
> nslookup that the server can see the updated DNS correctly.
> 
> So is there a setting that makes HaProxy TTL aware? So HaProxy reloads 
> the DNS record every time the TTL expires.
> 
> Regards Henning

DNS are resolved at startup, if you want dynamic resolving you need to use a 
resolvers section [1] and the resolvers keyword on server lines.


[1]: 
https://docs.haproxy.org/2.8/configuration.html#resolvers%20(The%20resolvers%20section)


--
William Lallemand



SV: HaProxy does not updating DNS cache

2023-09-13 Thread Henning Svane
Hi 

haproxy -vv
HAProxy version 2.8.2-1ppa1~jammy 2023/08/12 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2028.
Known bugs: http://www.haproxy.org/bugs/bugs-2.8.2.html
Running on: Linux 5.15.0-83-generic #92-Ubuntu SMP Mon Aug 14 09:30:42 UTC 2023 
x86_64
Build options :
  TARGET  = linux-glibc
  CPU = generic
  CC  = cc
  CFLAGS  = -O2 -g -O2 -flto=auto -ffat-lto-objects -flto=auto 
-ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security 
-Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wextra -Wundef 
-Wdeclaration-after-statement -Wfatal-errors -Wtype-limits 
-Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference 
-fwrapv -Wno-address-of-packed-member -Wno-unused-label -Wno-sign-compare 
-Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers 
-Wno-cast-function-type -Wno-string-plus-int -Wno-atomic-alignment
  OPTIONS = USE_OPENSSL=1 USE_LUA=1 USE_SLZ=1 USE_SYSTEMD=1 USE_OT=1 
USE_PROMEX=1 USE_PCRE2=1 USE_PCRE2_JIT=1
  DEBUG   = -DDEBUG_STRICT -DDEBUG_MEMORY_POOLS

Feature list : -51DEGREES +ACCEPT4 +BACKTRACE -CLOSEFROM +CPU_AFFINITY +CRYPT_H 
-DEVICEATLAS +DL -ENGINE +EPOLL -EVPORTS +GETADDRINFO -KQUEUE -LIBATOMIC 
+LIBCRYPT +LINUX_SPLICE +LINUX_TPROXY +LUA +MATH -MEMORY_PROFILING +NETFILTER 
+NS -OBSOLETE_LINKER +OPENSSL -OPENSSL_WOLFSSL +OT -PCRE +PCRE2 +PCRE2_JIT 
-PCRE_JIT +POLL +PRCTL -PROCCTL +PROMEX -PTHREAD_EMULATION -QUIC +RT +SHM_OPEN 
+SLZ +SSL -STATIC_PCRE -STATIC_PCRE2 +SYSTEMD +TFO +THREAD +THREAD_DUMP +TPROXY 
-WURFL -ZLIB

Default settings :
  bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with multi-threading support (MAX_TGROUPS=16, MAX_THREADS=256, default=2).
Built with OpenSSL version : OpenSSL 3.0.2 15 Mar 2022
Running on OpenSSL version : OpenSSL 3.0.2 15 Mar 2022
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
OpenSSL providers loaded : default
Built with Lua version : Lua 5.3.6
Built with the Prometheus exporter as a service
Built with network namespace support.
Built with OpenTracing support.
Built with libslz for stateless compression.
Compression algorithms supported : identity("identity"), deflate("deflate"), 
raw-deflate("deflate"), gzip("gzip")
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT 
IP_FREEBIND
Built with PCRE2 version : 10.39 2021-10-29
PCRE2 library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with gcc compiler version 11.4.0

Available polling systems :
  epoll : pref=300,  test result OK
   poll : pref=200,  test result OK
 select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
         h2 : mode=HTTP  side=FE|BE  mux=H2    flags=HTX|HOL_RISK|NO_UPG
       fcgi : mode=HTTP  side=BE     mux=FCGI  flags=HTX|HOL_RISK|NO_UPG
         h1 : mode=HTTP  side=FE|BE  mux=H1    flags=HTX|NO_UPG
  <default> : mode=HTTP  side=FE|BE  mux=H1    flags=HTX
       none : mode=TCP   side=FE|BE  mux=PASS  flags=NO_UPG
  <default> : mode=TCP   side=FE|BE  mux=PASS  flags=

Available services : prometheus-exporter
Available filters :
[BWLIM] bwlim-in
[BWLIM] bwlim-out
[CACHE] cache
[COMP] compression
[FCGI] fcgi-app
[  OT] opentracing
[SPOE] spoe
[TRACE] trace

Regards
Henning

-Original message-
From: Aleksandar Lazic
Sent: 13 September 2023 17:26
To: Henning Svane
Cc: haproxy@formilux.org
Subject: Re: HaProxy does not updating DNS cache

Hi.

On 2023-09-13 (Mi.) 14:39, Henning Svane wrote:
> Hi
> 
> I have tried using a DNS with a TTL of 600 sec. and the DNS changes 
> once in a while, but every time I have to restart Haproxy to get the 
> updated DNS to work.
> 
> Even if I wait for hours. I can see with nslookup that the server can 
> see the updated DNS correctly.
> 
> So is there a setting that makes HaProxy TTL aware? So HaProxy reloads 
> the DNS record every time the TTL expires.

Please always add the output of `haproxy -vv`, thanks.

> Regards
> 
> Henning

Regards
Alex


Re: HaProxy does not updating DNS cache

2023-09-13 Thread Aleksandar Lazic

Hi.

On 2023-09-13 (Mi.) 14:39, Henning Svane wrote:

> Hi
> 
> I have tried using a DNS with a TTL of 600 sec. and the DNS changes once 
> in a while, but every time I have to restart Haproxy to get the updated 
> DNS to work.
> 
> Even if I wait for hours. I can see with nslookup that the server can 
> see the updated DNS correctly.
> 
> So is there a setting that makes HaProxy TTL aware? So HaProxy reloads 
> the DNS record every time the TTL expires.

Please always add the output of `haproxy -vv`, thanks.

> Regards
> 
> Henning


Regards
Alex



Re: HaProxy does not updating DNS cache

2023-09-13 Thread William Lallemand
On Wed, Sep 13, 2023 at 12:39:36PM +, Henning Svane wrote:
> Hi
> 
> I have tried using a DNS with a TTL of 600 sec. and the DNS changes
> once in a while, but every time I have to restart Haproxy to get the
> updated DNS to work.  Even if I wait for hours. I can see with
> nslookup that the server can see the updated DNS correctly.
> 
> So is there a setting that makes HaProxy TTL aware? So HaProxy reloads
> the DNS record every time the TTL expires.
> 
> Regards Henning

DNS are resolved at startup, if you want dynamic resolving you need to
use a resolvers section [1] and the resolvers keyword on server lines.


[1]: 
https://docs.haproxy.org/2.8/configuration.html#resolvers%20(The%20resolvers%20section)


-- 
William Lallemand



HaProxy does not updating DNS cache

2023-09-13 Thread Henning Svane
Hi

I have tried using a DNS with a TTL of 600 sec. and the DNS changes once in a 
while, but every time I have to restart Haproxy to get the updated DNS to work.
Even if I wait for hours. I can see with nslookup that the server can see the 
updated DNS correctly.

So is there a setting that makes HaProxy TTL aware? So HaProxy reloads the DNS 
record every time the TTL expires.

Regards
Henning